
Step 6: A Note on Security

This is the second article in a three-part series dealing with using PHP 4 and MySQL to make a comprehensive e-commerce storefront solution. This article covers session management within the store, user privileges, and a few security concerns.

TABLE OF CONTENTS:
  1. Building an E-Commerce Site Part 2: Managing Users with Sessions
  2. Assumptions and Requirements
  3. Primer on Sessions
  4. User Management and Privileges
  5. Step 1: Creating the Users Table
  6. Step 2: Extracting the New Scripts
  7. Step 3: General Script Changes from Tutorial 1
  8. Step 5: User Scripts
  9. Step 6: A Note on Security
  10. Step 7: Putting It All Together
By: Ying Zhang
May 16, 2000


So you may be thinking, "how secure is all this?" That's a good question. There are many places where security can be compromised here, and you have to ask yourself:

  • How much do you trust PHP4's session management functions to resist people trying to hijack other users' sessions? After all, the only thing separating you from everyone else using the system is a single PHPSESSID value (a scary thought). How unique is that PHPSESSID anyway, and how hard is it to guess? Anyone who can guess or steal it is, as far as the store is concerned, you.
  • Assuming PHP4's session management functions are bulletproof, how much do you trust my login routines and my privilege / access checking routines?
  • How safe is your database? Can someone connect remotely and diddle with your tables, reading or altering data without you knowing? (NOTE: Never, ever store credit card information in your database. You don't need it there, and you don't want the liability!)
  • How safe are your scripts? Can someone change them without you knowing? How safe is your ISP? When was the last time you verified the permissions on your files so that no one else can read or edit them? Remember that a script readable by other users on a shared host exposes the database credentials written inside it.

Anyhow, my point is that what we are developing here should NOT be used in a production environment without your understanding all the risks involved. I've presented just a few here to get you thinking about security risks.
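As an added illustration (not code from this tutorial), the following shows how the first two questions above are answered in a current PHP release: the session is configured to refuse IDs the server did not issue, the cookie is kept away from scripts and plaintext HTTP, the ID is regenerated at login, and the privilege check reads only server-side state. It assumes PHP 7.3 or later, a PDO connection in $db, and a users table with username, password_hash and privileges columns; those names, and the bitmask privilege scheme, are placeholders for whatever the tutorial's own users table defines.

```php
<?php
// Added example, not part of the original tutorial. Assumes PHP 7.3 or later,
// a PDO connection in $db, and a users table with username, password_hash and
// privileges columns (placeholders for the tutorial's own schema).

// Refuse session IDs the server never issued. Without strict mode a client can
// present any PHPSESSID value and PHP will create a session under it, which is
// the basis of session fixation.
ini_set('session.use_strict_mode', '1');
ini_set('session.use_only_cookies', '1');

// Keep the session cookie away from JavaScript and off plaintext HTTP.
session_set_cookie_params([
    'lifetime' => 0,
    'path'     => '/',
    'secure'   => true,
    'httponly' => true,
    'samesite' => 'Lax',
]);
session_start();

// Verify the password against a stored password_hash() value; the users table
// should never hold a plaintext password.
function login(PDO $db, string $username, string $password): bool
{
    $stmt = $db->prepare(
        'SELECT id, password_hash, privileges FROM users WHERE username = ?'
    );
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return false;
    }
    // Issue a fresh ID at the privilege change. An ID captured or planted
    // before login no longer refers to the authenticated session.
    session_regenerate_id(true);
    $_SESSION['user_id']    = (int) $row['id'];
    $_SESSION['privileges'] = (int) $row['privileges'];
    $_SESSION['login_time'] = time();
    return true;
}

function logout(): void
{
    $_SESSION = [];
    // Expire the client's cookie as well as the server-side data.
    $p = session_get_cookie_params();
    setcookie(session_name(), '', time() - 3600, $p['path'], $p['domain'],
              $p['secure'], $p['httponly']);
    session_destroy();
}

// Access checks read only server-side session state. A hidden form field or
// URL parameter such as ?admin=1 is under the client's control and proves
// nothing. Privileges are assumed here to be a bitmask.
function require_privilege(int $needed): void
{
    $have = $_SESSION['privileges'] ?? 0;
    if (empty($_SESSION['user_id']) || ($have & $needed) !== $needed) {
        http_response_code(403);
        exit('Access denied');
    }
}
```

The answer to "how unique is that PHPSESSID" is that it must be unpredictable, not merely unique: an ID an attacker can guess, or plant in the victim's browser before login, is as good as the victim's password. All of the functions used here (session_regenerate_id, password_hash/password_verify, strict mode) postdate the PHP 4.0 release this article targets, so the tutorial's scripts would need to be ported before these checks could be added.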
